Make sure software fallback isn't tried on opaque keys

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-09-04 13:06:39 +02:00
parent 15f58d2877
commit 8d2bde77a1

View file

@ -3664,7 +3664,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
signature, signature,
signature_size, signature_size,
signature_length ); signature_length );
if( status != PSA_ERROR_NOT_SUPPORTED ) if( status != PSA_ERROR_NOT_SUPPORTED ||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
goto exit; goto exit;
/* If the operation was not supported by any accelerator, try fallback. */ /* If the operation was not supported by any accelerator, try fallback. */
@ -3766,7 +3767,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
hash_length, hash_length,
signature, signature,
signature_length ); signature_length );
if( status != PSA_ERROR_NOT_SUPPORTED ) if( status != PSA_ERROR_NOT_SUPPORTED ||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
return status; return status;
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)